Director, Vulnerability Management Assurance & Remediation

Seoul, South Korea

Coupang


Description:

Our Why: We exist to protect a way of life that many people have come to rely on. We protect the small businesses that rely on Coupang to be able to open their doors every day. We fiercely protect our customers' PII and the trust they place in us. We also protect our fellow employees and their data as they come to work every day, proud to work for Coupang. We exist to be thought leaders and to help the industry and government partners. We come to work focused on outcomes and not egos, and head home at the end of the day with a sense of pride in what we accomplished together as a team. Our why drives everything that we do.

As our Director over Vulnerability Management, you will be responsible for building a new program that combines our existing foundational scanning functionality with a proactive approach to Vulnerability Management Assurance, leveraging modern toolsets around data identification, classification, and retention enforcement across all possible data sources from endpoint to cloud. This is a new function being created to address the unique challenges of the eCommerce space of a global company. You will need a proven track record of building successful programs and of inspiring and developing teams, with the ability to work across levels and organizations with autonomy. In addition to being a leader, you will be a technical manager with expert working knowledge of Cybersecurity Assurance and risk-based vulnerability and configuration management, able to root-cause security issues, quickly assess potential threats, and educate other members of the broader team.

Key Responsibilities:

  • Design, develop, and maintain vulnerability scanning profiles for enterprise IT infrastructure, including servers, workstations, cloud environments, and network devices.
  • Develop auditable systems to assess and validate scope, scale, and saturation of scans.
  • Develop, manage, and operationalize contextually aware SBOM scanning.
  • Adjust compliance scanning policies and disposition false positive scan results.
  • Support expansion of the program to remaining asset categories.
  • Develop and manage automated solutions for secure configuration deployment and monitoring.
  • Conduct periodic assessments to validate security compliance and identify deviations from scanning configurations.
  • Provide technical leadership in security configuration management, including training and mentorship for junior team members.
  • Work with baseline configuration management and threat intelligence teams to enhance security postures based on evolving threats and risk assessments.
  • Ensure alignment with regulatory and compliance requirements, such as PCI-DSS, HIPAA, ISO 27001, and FedRAMP.
  • Document and maintain security configuration policies, procedures, and implementation guides.
  • Investigate and remediate security configuration issues identified through audits, assessments, or security incidents.

Qualifications:

  • 10+ years of experience in vulnerability and security configuration management, system administration, and compliance.
  • Experience with workflow automation and reporting solutions.
  • Expert knowledge of infrastructure, application, and cloud vulnerability detection.
  • Specialized expertise in industry vulnerability management sources (CISA, CVE, NVD, etc.), public cloud hosting/architecture, and SaaS configuration monitoring tooling (e.g., Netskope).
  • Strong knowledge of security frameworks, including CIS Benchmarks, NIST 800-53, DISA STIGs, and ISO 27001.
  • Proficiency in scripting languages (e.g., PowerShell, Python, Bash) for automation and compliance enforcement.
  • Experience with security configuration auditing and assessment tools (e.g., SCAP, Nessus, Tenable, Qualys).
  • Strong problem-solving, analytical, and communication skills.
  • Master’s degree or equivalent practical experience.

Preferred Languages and Certifications:

  • Industry certifications such as CISSP, CISM, CISA, or relevant vendor-specific certifications (AWS Security, Microsoft Security, etc.) are preferred.
  • English, Korean, and Mandarin

Region: Asia/Pacific
Country: South Korea
